Refused to display site in an iframe, X-Frame-Options to 'SAMEORIGIN' (ok)
https://stackoverflow.com/questions/24421260/refused-to-display-site-in-an-iframe-x-frame-options-to-sameorigin
Last updated
Was this helpful?
https://stackoverflow.com/questions/24421260/refused-to-display-site-in-an-iframe-x-frame-options-to-sameorigin
Last updated
Was this helpful?
Đã ok.
https://github.com/niutech/x-frame-bypass
Ask QuestionAsked 6 years agoActive 5 months agoViewed 31k times52
Getting an error when i try to inspect element in chrome:
Refused to display 'http://www.samplesite.com/' in a frame because it is set 'X-Frame-Options' to 'SAMEORIGIN'.
How to display a site inside an iframe in which the website has 'X-Frame-Options' to 'SAMEORIGIN'?
Possible duplicate of How to set 'X-Frame-Options' on iframe? – Quentin Jan 22 '19 at 14:50
Web server conf,
for me i use nginx.conf
find add_header X-Frame-Options SAMEORIGIN; and change it toadd_header X-Frame-Options "ALLOWALL";
4From where we should change this settings. – Sukhpal Singh Sep 12 '18 at 4:44
To solve this error:
You just place this code in your .htaccess file according to the access level you want to provide:
X-Frame-Options: deny
X-Frame-Options: sameorigin
X-Frame-Options: "allow-from https://example.com/"
Me too I had a similar problem. Loading my web page into an iframe on another website I was getting this error: Refused to display 'https://mywebsite.com' in a frame because it set 'X-Frame-Options' to 'sameorigin'.
I've solved using this web component that allow an IFrame to bypass the X-Frame-Options: deny/sameorigin response header. https://github.com/niutech/x-frame-bypass
To test it, just save this code in an index.html file and place in the same directory the file x-frame-bypass.js that you can download from the above Github repository.
Since Safari doesn't support Customized built-in elements, I've added an extra script that allow the support. https://www.chromestatus.com/feature/4670146924773376
3Danger: This script works by passing everything through a proxy server. All data will be visible to the controller of the proxy server (including any login credentials submitted through the iframe). It depends on the proxy server being live (and open proxies like this tend to just strain under ever increasing load until they die and break your site which depends on them). Using a proxy to bypass X-Frame-Options dips into risky intellectual property territory too: you risk getting sued for copyright infringement. – Quentin Jan 22 '19 at 14:47
I tried searching on google but I could not find any proper solution, some are for asp.net only.iframe x-frame-optionsshare improve this question follow edited Jan 21 at 12:45lbonn2,1411919 silver badges3131 bronze badgesasked Jun 26 '14 at 1:53zen26322 gold badges77 silver badges1919 bronze badges
Your web server sends the header and blocks the content. You should probably change this setting to Allow from same origin.share improve this answer follow answered Jul 30 '14 at 6:07ysk78788 silver badges88 bronze badges
.
share improve this answer follow edited Jan 14 '19 at 14:27Paul Roub34.2k88 gold badges6565 silver badges8080 bronze badgesanswered Jan 14 '19 at 14:13Mustaneer Abdullah7144 bronze badgesadd a comment0
share improve this answer follow edited Jan 24 '19 at 6:26answered Jan 22 '19 at 14:44Davide Casiraghi1,22199 silver badges3030 bronze badges
